diff options
author | Pauli <pauli@openssl.org> | 2023-09-05 12:51:05 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-10-03 18:54:03 +1100 |
commit | 354053395fbd20e5efb584427b5da9be9231fd93 (patch) | |
tree | 609231a9dae7843a58166d8bf2b3cbc953af2b39 /doc/man7 | |
parent | bc347a35d025b989abfeb8ef556f895cb1ee9381 (diff) |
fips: use seed source requested
Fixes #21909
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22210)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/EVP_RAND-TEST-RAND.pod | 7 | ||||
-rw-r--r-- | doc/man7/provider-base.pod | 28 |
2 files changed, 30 insertions, 5 deletions
diff --git a/doc/man7/EVP_RAND-TEST-RAND.pod b/doc/man7/EVP_RAND-TEST-RAND.pod index 6ef3ee67ce..087dd9acb1 100644 --- a/doc/man7/EVP_RAND-TEST-RAND.pod +++ b/doc/man7/EVP_RAND-TEST-RAND.pod @@ -60,6 +60,13 @@ If there are insufficient data present to satisfy a call, an error is returned. Sets the bytes returned when the test generator is sent a nonce request. Each nonce request will return all of the bytes. +=item "generate" (B<OSSL_RAND_PARAM_GENERATE>) <integer> + +If this parameter is zero, it will only emit the nonce and entropy data +supplied via the aforementioned parameters. Otherwise, low quality +non-cryptographic pseudorandom output is produced. This parameter defaults +to zero. + =back =head1 NOTES diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 75cee0b858..6267510a67 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -76,11 +76,17 @@ provider-base size_t get_entropy(const OSSL_CORE_HANDLE *handle, unsigned char **pout, int entropy, size_t min_len, size_t max_len); + size_t get_user_entropy(const OSSL_CORE_HANDLE *handle, + unsigned char **pout, int entropy, + size_t min_len, size_t max_len); void cleanup_entropy(const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len); size_t get_nonce(const OSSL_CORE_HANDLE *handle, unsigned char **pout, size_t min_len, size_t max_len, const void *salt, size_t salt_len); + size_t get_user_nonce(const OSSL_CORE_HANDLE *handle, + unsigned char **pout, size_t min_len, size_t max_len, + const void *salt, size_t salt_len); void cleanup_nonce(const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len); @@ -171,8 +177,10 @@ provider): OPENSSL_cleanse OSSL_FUNC_OPENSSL_CLEANSE OSSL_SELF_TEST_set_callback OSSL_FUNC_SELF_TEST_CB ossl_rand_get_entropy OSSL_FUNC_GET_ENTROPY + ossl_rand_get_user_entropy OSSL_FUNC_GET_USER_ENTROPY ossl_rand_cleanup_entropy OSSL_FUNC_CLEANUP_ENTROPY ossl_rand_get_nonce OSSL_FUNC_GET_NONCE + ossl_rand_get_user_nonce OSSL_FUNC_GET_USER_NONCE ossl_rand_cleanup_nonce OSSL_FUNC_CLEANUP_NONCE provider_register_child_cb OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB provider_deregister_child_cb OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB @@ -302,9 +310,14 @@ output will have at least I<min_len> and at most I<max_len> bytes. The buffer address is stored in I<*pout> and the buffer length is returned to the caller. On error, zero is returned. +get_user_entropy() is the same as get_entropy() except that it will +attempt to gather seed material via the seed source specified by a call to +L<RAND_set_seed_source_type(3)> or via L<config(5)/Random Configuration>. + cleanup_entropy() is used to clean up and free the buffer returned by -get_entropy(). The entropy pointer returned by get_entropy() is passed in -B<buf> and its length in B<len>. +get_entropy() or get_user_entropy(). The entropy pointer returned by +get_entropy() or get_user_entropy() is passed in B<buf> and its length +in B<len>. get_nonce() retrieves a nonce using the passed I<salt> parameter of length I<salt_len> and operating system specific information. @@ -314,9 +327,14 @@ The output is stored in a buffer which contains at least I<min_len> and at most I<max_len> bytes. The buffer address is stored in I<*pout> and the buffer length returned to the caller. On error, zero is returned. -cleanup_nonce() is used to clean up and free the buffer returned by -get_nonce(). The nonce pointer returned by get_nonce() is passed in -B<buf> and its length in B<len>. +get_user_nonce() is the same as get_nonce() except that it will attempt +to gather seed material via the seed source specified by a call to +L<RAND_set_seed_source_type(3)> or via L<config(5)/Random Configuration>. + +cleanup_nonce() is used to clean up and free the buffer returned +by get_nonce() or get_user_nonce(). The nonce pointer returned by +get_nonce() or get_user_nonce() is passed in B<buf> and its length +in B<len>. provider_register_child_cb() registers callbacks for being informed about the loading and unloading of providers in the application's library context. |